tlshd: Dynamically allocate hostname

chucklever · chucklever · commit 808a57f8b9c0 · 2025-07-07T13:52:40.000-04:00
Ensure that, when allocation or DNS query fails, parms->peername always remains NULL. tlshd should not assume that the buffer returned from getnameinfo(3) will remain untouched if that call is unsuccessful. Fixes: 7655d96 ("tlshd: Move peername/peeraddr preparation") Reported-by: Ken Milmore <ken.milmore@gmail.com> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
diff --git a/src/tlshd/log.c b/src/tlshd/log.c
@@ -61,7 +61,7 @@ void tlshd_log_completion(struct tlshd_handshake_parms *parms)
 		status = "failed";
 		priority = LOG_ERR;
 	}
-	if (parms->peeraddr)
+	if (parms->peername && parms->peeraddr)
 		syslog(priority, "Handshake with '%s' (%s) %s\n",
 		       parms->peername, parms->peeraddr, status);
 	else
diff --git a/src/tlshd/netlink.c b/src/tlshd/netlink.c
@@ -232,8 +232,6 @@ static void tlshd_parse_certificate(struct tlshd_handshake_parms *parms,
 		parms->x509_privkey = nla_get_s32(tb[HANDSHAKE_A_X509_PRIVKEY]);
 }
 
-static char tlshd_peername[NI_MAXHOST] = "unknown";
-
 static int tlshd_genl_valid_handler(struct nl_msg *msg, void *arg)
 {
 	struct nlattr *tb[HANDSHAKE_A_ACCEPT_MAX + 1];
@@ -304,22 +302,24 @@ static int tlshd_genl_valid_handler(struct nl_msg *msg, void *arg)
 	tlshd_parse_certificate(parms, tb[HANDSHAKE_A_ACCEPT_CERTIFICATE]);
 
 	if (peername)
-		strncpy(tlshd_peername, peername, sizeof(tlshd_peername) - 1);
+		parms->peername = strdup(peername);
 	else if (sap) {
-		err = getnameinfo(sap, salen,
-				  tlshd_peername, sizeof(tlshd_peername),
+		char buf[NI_MAXHOST];
+
+		err = getnameinfo(sap, salen, buf, sizeof(buf),
 				  NULL, 0, NI_NAMEREQD);
 		if (err) {
 			tlshd_log_gai_error(err);
 			return NL_STOP;
 		}
+		parms->peername = strdup(buf);
 	}
 
 	return NL_SKIP;
 }
 
 static const struct tlshd_handshake_parms tlshd_default_handshake_parms = {
-	.peername		= tlshd_peername,
+	.peername		= NULL,
 	.peeraddr		= NULL,
 	.sockfd			= -1,
 	.ip_proto		= -1,
@@ -426,6 +426,7 @@ void tlshd_genl_put_handshake_parms(struct tlshd_handshake_parms *parms)
 		keyctl_unlink(parms->keyring, KEY_SPEC_SESSION_KEYRING);
 	g_array_free(parms->peerids, TRUE);
 	g_array_free(parms->remote_peerids, TRUE);
+	free(parms->peername);
 	free(parms->peeraddr);
 }
 

Original file line number	Diff line number	Diff line change
`@@ -61,7 +61,7 @@ void tlshd_log_completion(struct tlshd_handshake_parms *parms)`
`61`	`61`	`status = "failed";`
`62`	`62`	`priority = LOG_ERR;`
`63`	`63`	`}`
`64`		`- if (parms->peeraddr)`
	`64`	`+ if (parms->peername && parms->peeraddr)`
`65`	`65`	`syslog(priority, "Handshake with '%s' (%s) %s\n",`
`66`	`66`	`parms->peername, parms->peeraddr, status);`
`67`	`67`	`else`